>What exactly is the nature of the security risk in using a sudo script for
>users to recover files with Amanda. ...
They have access to everything, not just their own files.
There are also tape mounting issues. Amrecover does not currently
interface with the Amanda tape changers, so mounts have to be done
"by hand".
>On previous systems we had the Legato
>Networker package for file recovery and it had a set of user tools that
>seemed to check the owner, group and file permissions and compare with the
>user's permissions to determine whether the user had permission to backup
>the file. ...
That's because Legato uses its own backup system. Amanda does not
do backups. It manages other programs that do them (tar, dump, etc).
It's those programs that would have to enforce the security issues
(at least some of them), and Amanda has no control over that.
>... Are any file attributes (permissions, owner, and/or group,
>file location, etc) stored in the archives generated by Amanda? ...
That information is not available to Amanda from the backup programs
it runs. Tar might be able to provide it. Dump is hopeless because
the vendors would have to change.
>Randall
John R. Jackson, Technical Software Specialist, [EMAIL PROTECTED]
